APACHE - How to bypass SSL for a specific source IP?

Tags: apache tomcat ssl weblogic

I have an Apache server that requires two-way (mutual) certificates:

    SSLVerifyClient require
    SSLVerifyDepth  2


    <Location /myws>
            SSLVerifyClient require
            SetOutputFilter DEFLATE
            Order Deny,Allow
            Allow from all
            SetHandler weblogic-handler
    </Location>

I have a Tomcat that needs to connect to this Apache without being asked for a certificate. I tried:

    <If "-R 'xxx.xxx.xxx.xxx'">
      SSLVerifyClient none
    </If>
    <Else>
      SSLVerifyClient require
      SSLVerifyDepth  2
    </Else>

    <Location /myws>
        <If "-R 'xxx.xxx.xxx.xxx'">
            SSLVerifyClient none
            SetOutputFilter DEFLATE
            Order Deny,Allow
            Allow from all
            SetHandler weblogic-handler
        </If>
        <Else>
            SSLVerifyClient require
            SetOutputFilter DEFLATE
            Order Deny,Allow
            Allow from all
            SetHandler weblogic-handler
        </Else>
    </Location>

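But it doesn't seem to work.

I also tried some rewrite rules, but SSL blocks the connection beforehand.

Is there a way to bypass SSL authentication for a specific source IP?

Added the output after applying what @sundararaj-govindasamy recommended: SSLOptions +StrictRequire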

    ##As it is now, with 2-way SSL##
    wget --no-check-certificate https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:14:15--  https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
    Unable to establish SSL connection.



    [Mon Jan 30 08:14:31.021132 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH01964: Connection to child 64 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:14:31.054671 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH02008: SSL library error 1 in handshake (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:14:31.054781 2017] [ssl:info] [pid 22302:tid 140333961410304] SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification?
    [Mon Jan 30 08:14:31.054803 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH01998: Connection closed to child 64 with abortive shutdown (server qaserver.mycompany.com.ar:443)





    ##With the configuration:##
    wget --no-check-certificate https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:10:13--  https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    WARNING: cannot verify xx.xx.xx.xx's certificate, issued by ‘/C=AR/ST=Ciudad Autonoma de Buenos Aires/O=mycompany SA/OU=Gerencia de Seguridad Informatica/CN=myapplicationC QA/emailAddress=seguridad@mycompany.com.ar’:
    Self-signed certificate encountered.
        WARNING: certificate common name ‘qaserver.mycompany.com.ar’ doesn't match requested host name ‘xx.xx.xx.xx’.
    HTTP request sent, awaiting response... No data received.
    Retrying.


    Log:
    [Mon Jan 30 08:10:13.495232 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH01964: Connection to child 130 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.528877 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(1812): [client valid.client.server.ip:56780] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    [Mon Jan 30 08:10:13.529595 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(224): [client valid.client.server.ip:56780] AH02034: Initial (No.1) HTTPS request received for child 130 (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.529773 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(572): [client valid.client.server.ip:56780] AH02255: Changed client verification type will force renegotiation
    [Mon Jan 30 08:10:13.529811 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02221: Requesting connection re-negotiation
    [Mon Jan 30 08:10:13.529844 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(772): [client valid.client.server.ip:56780] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
    [Mon Jan 30 08:10:13.529928 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02226: Awaiting re-negotiation handshake
    [Mon Jan 30 08:10:13.560943 2017] [ssl:error] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02261: Re-negotiation handshake failed: Not accepted by client!?
    [Mon Jan 30 08:10:13.561119 2017] [authz_core:debug] [pid 21880:tid 140505308329728] mod_authz_core.c(835): [client valid.client.server.ip:56780] AH01628: authorization result: granted (no directives)
    [Mon Jan 30 08:10:13.561264 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02008: SSL library error 1 in handshake (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.561307 2017] [ssl:info] [pid 21880:tid 140505308329728] SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification?
    [Mon Jan 30 08:10:13.561329 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH01998: Connection closed to child 130 with abortive shutdown (server qaserver.mycompany.com.ar:443)





    wget --no-check-certificate https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:11:08--  https://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    WARNING: cannot verify xx.xx.xx.xx's certificate, issued by ‘/C=AR/ST=Ciudad Autonoma de Buenos Aires/O=mycompany SA/OU=Gerencia de Seguridad Informatica/CN=myapplicationC QA/emailAddress=seguridad@mycompany.com.ar’:
    Self-signed certificate encountered.
        WARNING: certificate common name ‘qaserver.mycompany.com.ar’ doesn't match requested host name ‘xx.xx.xx.xx’.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘CuentaVerifierBean.5’

        [ <=>                                                                                                                                                                                                                           ] 1,546       --.-K/s   in 0s

    2017-01-30 08:11:08 (16.6 MB/s) - ‘CuentaVerifierBean.5’ saved [1546]


    [Mon Jan 30 08:11:08.468336 2017] [ssl:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] AH01964: Connection to child 132 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.500247 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_kernel.c(1812): [client invalid.client.server.ip:38632] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    [Mon Jan 30 08:11:08.500896 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_kernel.c(224): [client invalid.client.server.ip:38632] AH02034: Initial (No.1) HTTPS request received for child 132 (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.501109 2017] [authz_core:debug] [pid 22134:tid 140183680829184] mod_authz_core.c(835): [client invalid.client.server.ip:38632] AH01628: authorization result: granted (no directives)
    [Mon Jan 30 08:11:08.501206 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URLFactory.cpp(163): [client invalid.client.server.ip:38632] <2213014857746641> URLfactory Created: 22134
    [Mon Jan 30 08:11:08.501280 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(841): [client invalid.client.server.ip:38632] <2213414857746682> ================New Request: [GET /myapplication/CuentaVerifierBean HTTP/1.1] =================
    [Mon Jan 30 08:11:08.501322 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(997): [client invalid.client.server.ip:38632] <2213414857746682> Using Uri /myapplication/CuentaVerifierBean
    [Mon Jan 30 08:11:08.501338 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(1017): [client invalid.client.server.ip:38632] <2213414857746682> After trimming path: '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.501346 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(1093): [client invalid.client.server.ip:38632] <2213414857746682> The final request string is '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.501368 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1936): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: Socket Address hostnames 'ibsibqamyapplication01:7003,ibsibqamyapplication02:7003'
    [Mon Jan 30 08:11:08.501389 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2002): [client invalid.client.server.ip:38632] <2213414857746682> Host extracted from serverlist is [ibsibqamyapplication01]
    [Mon Jan 30 08:11:08.501592 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2053): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: trying IP addr app.weblogic.server.ip
    [Mon Jan 30 08:11:08.501996 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2089): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: socket and connect succeeded
    [Mon Jan 30 08:11:08.502074 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2110): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList:  IP from socket Address [app.weblogic.server.ip]
    [Mon Jan 30 08:11:08.502108 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2002): [client invalid.client.server.ip:38632] <2213414857746682> Host extracted from serverlist is [ibsibqamyapplication02]
    [Mon Jan 30 08:11:08.502198 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2053): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: trying IP addr node2.weblogic.server.ip
    [Mon Jan 30 08:11:08.502532 2017] [weblogic:error] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: ibsibqamyapplication02:7003 apr_socket_connect error [111] Connection refused
    [Mon Jan 30 08:11:08.502564 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2110): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList:  IP from socket Address [node2.weblogic.server.ip]
    [Mon Jan 30 08:11:08.502597 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3028): [client invalid.client.server.ip:38632] <2213414857746682> Initializing lastIndex=1 for a list of length=2
    [Mon Jan 30 08:11:08.502615 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(525): [client invalid.client.server.ip:38632] <2213414857746682> getListNode: created a new server node: id='ibsibqamyapplication01:7003,ibsibqamyapplication02:7003' server_name='xx.xx.xx.xx', port='7998'
    [Mon Jan 30 08:11:08.502657 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(512): [client invalid.client.server.ip:38632] <2213414857746682> attempt #0 out of a max of 5
    [Mon Jan 30 08:11:08.502679 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2485): [client invalid.client.server.ip:38632] <2213414857746682> keepAlive = 1, canRecycle = 1
    [Mon Jan 30 08:11:08.502691 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2488): [client invalid.client.server.ip:38632] <2213414857746682> Trying a pooled connection for 'app.weblogic.server.ip/7003/7003'
    [Mon Jan 30 08:11:08.502702 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3058): [client invalid.client.server.ip:38632] <2213414857746682> getPooledConn: found a host and port/securePort match
    [Mon Jan 30 08:11:08.502714 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3109): [client invalid.client.server.ip:38632] <2213414857746682> getPooledConn: No more connections in the pool for Host[app.weblogic.server.ip] Port[7003] SecurePort[7003]
    [Mon Jan 30 08:11:08.502727 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2520): [client invalid.client.server.ip:38632] <2213414857746682> general list: trying connect to 'app.weblogic.server.ip'/7003/7003 at line 2520 for '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.503055 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1785): [client invalid.client.server.ip:38632] <2213414857746682> URL::Connect: Connected successfully
    [Mon Jan 30 08:11:08.503094 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1824): [client invalid.client.server.ip:38632] <2213414857746682> SSL is not configured for this connection
    [Mon Jan 30 08:11:08.503116 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1844): [client invalid.client.server.ip:38632] <2213414857746682> Local Port of the socket is 56043
    [Mon Jan 30 08:11:08.503123 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1850): [client invalid.client.server.ip:38632] <2213414857746682> Remote Host app.weblogic.server.ip Remote Port 56043
    [Mon Jan 30 08:11:08.503138 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2554): [client invalid.client.server.ip:38632] <2213414857746682> general list: created a new connection to 'app.weblogic.server.ip'/7003 for '/myapplication/CuentaVerifierBean', Local port:56043
    [Mon Jan 30 08:11:08.503149 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(583): [client invalid.client.server.ip:38632] <2213414857746682> Entering method BaseProxy::sendRequest
    [Mon Jan 30 08:11:08.503168 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1234): [client invalid.client.server.ip:38632] <2213414857746682> Entering method BaseProxy::parse_headers
    [Mon Jan 30 08:11:08.503180 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1252): [client invalid.client.server.ip:38632] <2213414857746682> No of headers =5
    [Mon Jan 30 08:11:08.503191 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[User-Agent]=[Wget/1.14 (linux-gnu)]
    [Mon Jan 30 08:11:08.503207 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Accept]=[*/*]
    [Mon Jan 30 08:11:08.503220 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Host]=[xx.xx.xx.xx:7998]
    [Mon Jan 30 08:11:08.503231 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Connection]=[Keep-Alive]
    [Mon Jan 30 08:11:08.503238 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[canalid-myapplication]=[]
    [Mon Jan 30 08:11:08.503250 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1428): [client invalid.client.server.ip:38632] <2213414857746682> Exiting method BaseProxy::parse_headers
    [Mon Jan 30 08:11:08.503256 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(593): [client invalid.client.server.ip:38632] <2213414857746682> parse_client_headers is done
    [Mon Jan 30 08:11:08.503268 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(697): [client invalid.client.server.ip:38632] <2213414857746682> Method is GET
    [Mon Jan 30 08:11:08.503277 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> URL::sendHeaders(): meth='GET' file='/myapplication/CuentaVerifierBean' protocol='HTTP/1.1'
    [Mon Jan 30 08:11:08.503285 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [User-Agent]=[Wget/1.14 (linux-gnu)]
    [Mon Jan 30 08:11:08.503291 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Accept]=[*/*]
    [Mon Jan 30 08:11:08.503297 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Host]=[xx.xx.xx.xx:7998]
    [Mon Jan 30 08:11:08.503303 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [canalid-myapplication]=[]
    [Mon Jan 30 08:11:08.503309 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Connection]=[Keep-Alive]
    [Mon Jan 30 08:11:08.503315 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-SSL]=[true]
    [Mon Jan 30 08:11:08.503321 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-Forwarded-For]=[invalid.client.server.ip]
    [Mon Jan 30 08:11:08.503326 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-Client-IP]=[invalid.client.server.ip]
    [Mon Jan 30 08:11:08.503332 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-Client-Port]=[38632]
    [Mon Jan 30 08:11:08.503338 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-KeepAliveSecs]=[30]
    [Mon Jan 30 08:11:08.503344 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-Force-JVMID]=[unset]
    [Mon Jan 30 08:11:08.503349 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-Request-ClusterInfo]=[true]
    [Mon Jan 30 08:11:08.503382 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(782): [client invalid.client.server.ip:38632] <2213414857746682> About to call parseHeaders
    [Mon Jan 30 08:11:08.503414 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505266 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 153
    [Mon Jan 30 08:11:08.505304 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(842): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 200 OK]
    [Mon Jan 30 08:11:08.505312 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(844): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: StatusLine set to [200 OK]
    [Mon Jan 30 08:11:08.505319 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(852): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: StatusLineWithoutStatusCode set to [OK]
    [Mon Jan 30 08:11:08.505326 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Date]=[Mon, 30 Jan 2017 11:11:08 GMT]
    [Mon Jan 30 08:11:08.505335 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Transfer-Encoding]=[chunked]
    [Mon Jan 30 08:11:08.505341 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Content-Type]=[text/html; charset=utf-8]
    [Mon Jan 30 08:11:08.505350 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[X-WebLogic-JVMID]=[543890065]
    [Mon Jan 30 08:11:08.505356 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(966): [client invalid.client.server.ip:38632] <2213414857746682> parsed all headers OK
    [Mon Jan 30 08:11:08.505361 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(856): [client invalid.client.server.ip:38632] <2213414857746682> Exiting method BaseProxy::sendRequest
    [Mon Jan 30 08:11:08.505367 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(255): [client invalid.client.server.ip:38632] <2213414857746682> sendResponse() : r->status = '200'
    [Mon Jan 30 08:11:08.505376 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Hdrs to client (add):[Date]=[Mon, 30 Jan 2017 11:11:08 GMT]
    [Mon Jan 30 08:11:08.505383 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> for app.weblogic.server.ip/7003/7003, updated JVMID: 543890065
    [Mon Jan 30 08:11:08.505390 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505405 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 781
    [Mon Jan 30 08:11:08.505616 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505662 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 789
    [Mon Jan 30 08:11:08.505714 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(720): [client invalid.client.server.ip:38632] <2213414857746682> calling closeConn() with non-null URL* at 720
    [Mon Jan 30 08:11:08.505735 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1860): [client invalid.client.server.ip:38632] <2213414857746682> canRecycle: conn=1 status=200 isKA=1 clen=-1 isCTE=1
    [Mon Jan 30 08:11:08.505748 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3147): [client invalid.client.server.ip:38632] <2213414857746682> closeConn: pooling for 'app.weblogic.server.ip/7003'
    [Mon Jan 30 08:11:08.505759 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3161): [client invalid.client.server.ip:38632] <2213414857746682> closeConn: pooling '0'
    [Mon Jan 30 08:11:08.505774 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(735): [client invalid.client.server.ip:38632] <2213414857746682> request [/myapplication/CuentaVerifierBean] processed successfully..................
    [Mon Jan 30 08:11:08.505925 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_io.c(992): [client invalid.client.server.ip:38632] AH02001: Connection closed to child 132 with standard shutdown (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.506987 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(776): BEFORE acquire_lock
    [Mon Jan 30 08:11:08.507015 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(786): AFTER acquire_lock
    [Mon Jan 30 08:11:08.507022 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(789): List size is 1
    [Mon Jan 30 08:11:08.507028 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(796): Cleaning up the list node 'ibsibqamyapplication01:7003,ibsibqamyapplication02:7003'list Length '2''
    [Mon Jan 30 08:11:08.507038 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(816): stale connections: KA = 20, delta = 0'

It should exit with a handshake failure instead of retrying.

Best answer

In Apache 2.4 or above, you can do this:

    # Require a client certificate from every address except the exempted one
    <If "%{REMOTE_ADDR} != 'xx.xx.xx.xx'">
        SSLVerifyClient      require
        SSLOptions           +StrictRequire
        SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128

        ...
        ...
    </If>
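
An alternative that avoids the per-request renegotiation seen in the AH02255/AH02261 log lines above, given here as an added example that is not part of the original question or answer: request the certificate optionally during the initial handshake and enforce it at authorization time. The address 192.0.2.10 is a placeholder for the exempt Tomcat host, and the CA settings already used for mutual TLS are assumed to be in place.

```apache
# Added example; 192.0.2.10 is a placeholder for the Tomcat host's address.
# Ask for a client certificate during the initial handshake, but do not
# abort when none is sent. The verification mode never changes afterwards,
# so no renegotiation is triggered.
SSLVerifyClient optional
SSLVerifyDepth  2

<Location /myws>
    # Access is decided per request, after the handshake has completed.
    <RequireAny>
        # Exempt host: admitted on source address alone.
        Require ip 192.0.2.10
        # Everyone else: only with a client certificate that verified
        # against the configured CA chain (provider supplied by mod_ssl).
        Require ssl-verify-client
    </RequireAny>

    # The 2.2-style Order/Allow lines are left out: they belong to
    # mod_access_compat and should not be mixed with Require.
    SetOutputFilter DEFLATE
    SetHandler weblogic-handler
</Location>
```

With this layout a client from any other address that sends no certificate gets 403 Forbidden over an established TLS session rather than a handshake alert. The exempt host is authenticated by source address only, so that address must be one other hosts cannot use or spoof on the path to the server.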

Regarding "APACHE - How to bypass SSL for a specific source IP?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41893754/
